[SunHELP] SSH gateway
James Lockwood
sunhelp at sunhelp.org
Wed Apr 18 15:12:22 CDT 2001
On Wed, 18 Apr 2001, Jan Johansson wrote:
> Do not trust this without hacking your telnet binary. Why?
>
> nemesis$ telnet
> telnet> !echo foo
> foo
This is, of course, completely wrong:
# tail -1 /etc/passwd
test:x:12345:100:Test acct:/tmp:/usr/bin/telnet
# su - t1
-telnet> !echo abc
echo abc
: Unknown host
-telnet> !
telnet> quit
-telnet> quit
/usr/sbin/telnet, like most other programs which allow a "shell" escape,
uses getpwnam(3C) and the pw_shell member to determine what to execute.
This is not to say that telnet is escape-free. Purpose built tools such
as the gateways in the fwtk package are almost sure to be better bets.
-James
More information about the SunHELP
mailing list